Application Behavior Analysis denying access despite rules

Great_Gurkagong · August 16, 2006, 12:52am

(I’m using COMODO Personal Firewall version 2.2.0.11)

Hi there!
I’m trying to get System Shock 2 multiplayer to work over Hamachi, a LAN-over-internet client.

I’ve set up Application Monitor rules to allow both Shock2.exe and SHOCK2.ICD full access to the UDP protocol. Shock2.exe has “Skip parent” checked, and is set as the parent application of SHOCK2.ICD. Additionally I’ve set “Skip advanced security checks” on both files.
In the Network Monitor I’ve allowed all inbound and outbound UDP connections.
Now whenever I try to host a server, the game interface freezes and I get these two messages and nothing more in my log:

[b]Date/Time :[/b]2006-08-16 02:29:12 [b]Severity :[/b]High [b]Reporter :[/b]Application Monitor [b]Description: [/b] Application Access Denied (SHOCK2.ICD:0.0.0.0:2644) [b]Application: [/b] D:\games\Sshock2\SHOCK2.ICD [b]Parent: [/b] D:\games\Sshock2\Shock2.exe [b]Protocol: [/b] UDP In [b]Remote: [/b] 0.0.0.0:2644
Date/Time :2006-08-16 02:25:12
Severity :High
Reporter :Application Behavior Analysis
Description: Suspicious Behaviour (SHOCK2.ICD)
Application: D:\games\Sshock2\SHOCK2.ICD
Parent: D:\games\Sshock2\Shock2.exe
Protocol: UDP In
Remote: 0.0.0.0:2644
Details: D:\games\Sshock2\Shock2.exe modified the memory of D:\games\Sshock2\SHOCK2.ICD in memory.

The port is different each time.

I’ve tried disabling the Component Monitor, but that didn’t change anything.

m0ng0d · August 16, 2006, 2:17am

First off, welcome to the forums.

Application Rules set the rules for the the applications themselves, but they still operate withing the confines/boundries that define the network traffic allowed by the Network Rules.

I’m not familiar with Himachi, but the way you describe it as LAN-over-internet… it sounds alot like VPN style technology…so I will assume that the network created with it shares a common IP range. This range will need to be configured as a trusted zone, and Network Rules will need to be created to support it.

Please post a screenshot of your Network Rules as well as details on the network created by Hamachi.

Have you done any searches on the forum for Hamachi? There may be other users who have asked similar questions.

Great_Gurkagong · August 16, 2006, 2:53am

Thanks for your reply.

The problem doesn’t seem to lie with Hamachi, as I’ve just played a game of Worms World Party over it without problems.

Anyway, here’s the screenshot:

http://img234.imageshack.us/img234/6370/networkrulesrs5.png

Note that I added the TCP protocol to the rule in order to play WWP.